[00:03.650 --> 00:07.520]  Hello, this is Point-of-Sale Terminal Security Uncovered.
[00:07.560 --> 00:13.780]  My name is Alexey Stanikov, I am a hardware researcher, and I am going to talk about payment hardware security.
[00:14.100 --> 00:20.500]  When I started this research, I faced the lack of useful information related to these kinds of devices.
[00:21.400 --> 00:26.280]  All vendors still keep it a secret that there are technologies used in such hardware.
[00:26.420 --> 00:31.920]  Because of many reasons, Point-of-Sale Terminal Security is still a blind spot.
[00:31.920 --> 00:40.020]  This talk is a combination of two years of research related to payment devices, which handles your payment card data.
[00:40.040 --> 00:48.540]  I am going to present general approach to understand the internals of hardware, common weaknesses, and additionally, some of our results.
[00:48.760 --> 00:50.380]  So, let's start.
[00:53.220 --> 00:59.000]  As you can see, this presentation is divided into two main parts – hardware and software.
[00:59.000 --> 01:05.980]  Every topic in this list could be a separate talk, but I tried to highlight the most important things for each of them.
[01:07.300 --> 01:12.360]  At the first step, we have to understand that a POS system is not equal to POS terminal.
[01:12.800 --> 01:20.220]  Basically, Point-of-Sale Terminal, or Pinpad, is a part of Point-of-Sale system, or just a standalone device.
[01:20.680 --> 01:27.320]  Also, Point-of-Sale system may have a register, which in most cases is built on Windows-based PC.
[01:27.320 --> 01:34.100]  Additional hardware, like a barcode scanners, and can be integrated to ERP systems.
[01:34.380 --> 01:42.960]  Often, when we see the title like someone hacked the POS, it means hack of register or cashier workstation.
[01:43.260 --> 01:49.160]  Let's look at typical data flow in such systems, to define entry points for intruder.
[01:49.400 --> 01:52.900]  This is typical Point-of-Sale interaction scheme.
[01:53.000 --> 01:55.680]  What can go wrong in this case?
[01:55.680 --> 01:59.620]  As you can see, Pinpad has two kinds of interactions.
[01:59.620 --> 02:06.820]  First one is an interaction with terminal management system and payment processor through the Internet.
[02:07.240 --> 02:13.040]  Second one is an interaction with Point-of-Sale application using local network.
[02:13.420 --> 02:23.540]  Communication channel between the Pinpad and third-party application or Point-of-Sale application can be configured in two different ways, secure and insecure.
[02:23.540 --> 02:31.960]  Common attack in this case is indifference between amount shown on Pinpad and amount really charged from your card.
[02:32.360 --> 02:35.180]  This is about vulnerable configuration.
[02:35.400 --> 02:40.000]  But I want to pay attention to the most common thing in my talk.
[02:40.000 --> 02:47.620]  Just keep in mind to keep configuration as secure as possible, if you are maintainer of such systems.
[02:48.420 --> 02:52.860]  I am sure that you recognized at least two of these terminals.
[02:52.860 --> 02:57.740]  First two vendors are well-known for United States and European countries.
[02:57.900 --> 03:04.820]  And as far as I know, PAX is widely used in Russia and Asian countries because it's cheaper than previous two.
[03:05.100 --> 03:10.320]  If you try to connect to Pinpad via network connection, you will be surprised.
[03:10.660 --> 03:16.760]  There are no listening ports and one or two outcoming connections to some bank servers.
[03:16.780 --> 03:20.520]  In this case, you have to look at other physical ports.
[03:20.520 --> 03:25.580]  The interfaces exposed to intruder are basically attack surface.
[03:25.640 --> 03:39.860]  They can be divided to general communication interfaces like Ethernet, RS-232, different wireless interfaces and specific payment card interfaces, EMV and NFC.
[03:39.860 --> 03:55.400]  In some documentation you may find information that some of them are not used, but in real life operating system has drivers and handlers for some specific peripherals like barcode scanners and external receipt printers.
[03:56.480 --> 04:01.620]  The next important thing is rules how the payment hardware should be built.
[04:01.660 --> 04:08.740]  I know that regulation is a boring stuff, but it may provide a lot of information about physical security tests and behavior.
[04:08.740 --> 04:13.000]  Every payment terminal should satisfy these requirements and regulations.
[04:13.000 --> 04:18.180]  In any other cases, it can be approved to work with payment data.
[04:18.380 --> 04:22.980]  The first one is Pinintr devices physical security requirements.
[04:22.980 --> 04:31.600]  It defines protection measures against pin disclosing attacks like tamper detection, response mechanisms and other cases.
[04:31.600 --> 04:41.880]  For example, if reader permits access to internal areas, it is not possible using this access area to insert pin disclosing bug.
[04:42.780 --> 04:48.360]  Also sensitive functions or information are only used in protected areas.
[04:49.300 --> 04:51.980]  The next one is pin transaction security.
[04:51.980 --> 04:53.820]  They are almost the same.
[04:53.820 --> 04:57.040]  Both have purpose to prevent pin disclosing.
[04:57.040 --> 05:04.160]  These requirements also define tamper protection, sensitive data erasing, etc, etc.
[05:04.680 --> 05:08.180]  And what is the sensitive data is a question.
[05:08.560 --> 05:13.220]  Every vendor chose their own interpretation and way to erase.
[05:13.960 --> 05:18.920]  Let's have a look to common security mechanisms and anti-tampering.
[05:18.920 --> 05:25.260]  According to previous rules and payment system requirements, the following events should be registered,
[05:25.260 --> 05:35.070]  like a case opening, security circuit damage, power supply anomalies, also temperature anomalies, accelerometer anomalies,
[05:35.800 --> 05:39.980]  and finally, debugging interfaces connection.
[05:40.000 --> 05:44.360]  Two or more of them should be interpreted as intrusion.
[05:44.360 --> 05:55.460]  As a result, the terminal should lock the event, erase encryption keys, delete sensitive information, and finally become brick.
[05:55.760 --> 06:03.980]  This slide shows you tamper detection list we have extracted from Ingenio-Catalium-2 operating system code.
[06:03.980 --> 06:08.400]  As you may see, there are a lot of power supply detectors,
[06:08.400 --> 06:14.660]  JTAG connection detector, and mechanical tamper detectors like meshes or switches.
[06:15.180 --> 06:17.780]  Let's look at each of them.
[06:18.100 --> 06:23.700]  When you disassemble Ingenica pinpad, you will see a lot of membrane switches.
[06:23.740 --> 06:28.880]  Some of them are assigned to real buttons like numeric and navigation buttons.
[06:28.880 --> 06:31.180]  They are highlighted with green color.
[06:31.180 --> 06:34.060]  But what are the red membranes?
[06:34.100 --> 06:36.540]  They are mechanical tamper detectors.
[06:36.540 --> 06:39.580]  They are pressed by the pinpad body when assembled.
[06:39.800 --> 06:51.800]  When you start to rotate any screw in order to disassemble, the microcontroller receives a hardware interrupt, wakes up, and do defined actions to protect its data.
[06:51.840 --> 06:57.160]  Another critical measure is a wire mesh, as shown on this slide.
[06:57.160 --> 07:01.900]  It has two main purposes, anti-drilling protection and obfuscation.
[07:01.900 --> 07:08.640]  Case on this slide covers smart card reader and registers drilling when protection circuit is destroyed.
[07:08.760 --> 07:14.480]  This kind of meshes you also may find on print circuit boards and ribbon cables.
[07:14.760 --> 07:26.820]  And finally, this is example of tampered devices as a result of some of our attempts.
[07:26.820 --> 07:32.840]  Some of them became unusable, and some of them asks you for factory password.
[07:32.840 --> 07:37.100]  The main idea is when device is tampered, it should be passed to service.
[07:37.520 --> 07:46.220]  Basically, only authorized service may restore the device, and only bank service can restore it and lower the application.
[07:46.360 --> 07:50.180]  And what consequences anti-tampering bypass may have?
[07:50.180 --> 07:56.300]  One example related to mobile point-of-sale demonstrated on Black Hat United States.
[07:56.300 --> 08:01.780]  The researchers realized that this device doesn't have any anti-tampering detectors.
[08:02.020 --> 08:08.720]  They found points on circuit to connect in order to obtain encrypted magstripe data.
[08:08.720 --> 08:14.660]  And finally, it allows them to collect sensitive payment information directly from device.
[08:14.840 --> 08:19.320]  Another cool research made by SR Labs and presented on CCC.
[08:19.320 --> 08:27.480]  Among their findings were anti-tampering bypass, unlocked and exposed JTAG connection, and software vulnerabilities.
[08:27.600 --> 08:31.660]  What you may do with such vulnerabilities, we will discuss a bit later.
[08:31.920 --> 08:38.260]  Anyway, these findings compromised the whole device, and now it's deprecated.
[08:40.000 --> 08:43.660]  Another two examples related to the relay attacks and scheming.
[08:43.660 --> 08:46.600]  You can read more using the links below.
[08:46.600 --> 08:51.380]  And now it's time to talk about debugging maintenance features.
[08:52.880 --> 08:59.020]  When you disassembled the point-of-sale terminal, you realized that it is a very complex device.
[08:59.060 --> 09:04.020]  Your imagination and background paint something like what you see on this slide.
[09:04.020 --> 09:09.600]  Because you know that the iPhone, for example, has a very specific JTAG adapter.
[09:09.600 --> 09:17.800]  In this case, you can find some forum topics about firmware uploading, tamper clearing, and related stuff.
[09:18.100 --> 09:21.020]  But this is what you see in reality.
[09:21.760 --> 09:29.340]  Verifone and PEX use the adapter from simple RS-232 to Ethernet connector with custom wiring.
[09:29.340 --> 09:31.840]  You can reproduce them yourself.
[09:31.900 --> 09:37.440]  Injenica used just a usual USB port for firmware uploading and service actions.
[09:37.440 --> 09:45.440]  These cables are used for factory reset, clear security flags, upload firmware, and sometimes for specific debugging.
[09:45.820 --> 09:53.800]  But at the moment we still don't have firmware and don't know any information about architecture of microcontroller.
[09:53.820 --> 09:56.420]  And now we should fill this gap.
[09:56.860 --> 10:00.300]  Teardown is my favorite step when I work with new hardware.
[10:00.300 --> 10:08.840]  It delivers a lot of happiness to you, as a favorite thing to all children is to broke new toy and see what do they have inside.
[10:10.060 --> 10:16.100]  In the case if you already have the firmware, it's good to understand the internals of hardware.
[10:16.200 --> 10:26.460]  If you properly define the exact CPU or MCU, it helps you to understand the operating system internals, peripherals, and other helpful things.
[10:26.460 --> 10:37.160]  This is an example of old model made by Verifone. It built using Samsung ARM-based CPU. You may read more about using a link below.
[10:50.960 --> 10:54.920]  But our region of interest is more modern devices.
[10:54.920 --> 11:03.620]  This is the internals of modern Verifone 520. Here you can see the branded MCU and non-flash memory.
[11:03.640 --> 11:07.580]  Definitely this MCU should be relatively popular one.
[11:07.580 --> 11:14.020]  But in this case it is rebranded. It makes more difficult to understand the firmware internals.
[11:14.440 --> 11:19.820]  In this case firmware could be dumped from non-flash memory using non-programmer.
[11:19.820 --> 11:24.060]  Luckily I found one guy in Twitter who solved the same task.
[11:24.860 --> 11:33.100]  He defined the exact model of MCU by pinout. It was Broadcom Secure MCU BCM5892.
[11:33.340 --> 11:39.700]  You can find header files with definitions of all peripherals in some Linux kernel sources.
[11:39.700 --> 11:47.600]  There are some other ways to determine the exact MCU. And I am going to show one of them in next slides.
[11:49.720 --> 11:56.680]  The next one is Ingenico pinpad. There is basically no difference is it portable or countertop.
[11:56.740 --> 12:04.040]  They all built using the same hardware and uses the same operating system. I am sure it is well known for all of you.
[12:04.880 --> 12:08.140]  You saw this photo on the slide with tampering detectors.
[12:08.140 --> 12:13.160]  In this case pay attention to the microcontroller under the membrane.
[12:13.960 --> 12:18.860]  It is branded cryptoprocessor. They called it booster in their binaries.
[12:18.940 --> 12:27.680]  It stores the encryption keys inside and handles the most of critical cryptography tasks like updates, signature checks, etc.
[12:30.440 --> 12:36.760]  This is other side of print circuit board. And we see another branded microcontroller.
[12:36.760 --> 12:41.040]  They called it application processor according to its purpose.
[12:41.180 --> 12:45.840]  Exactly you can find any information about this microcontroller.
[12:46.040 --> 12:52.480]  As in previous case flash memory in upper left corner stores operating system and application codes.
[12:54.400 --> 13:09.170]  You can desolder the flash memory in order to obtain operating system and application code for research.
[13:09.170 --> 13:16.750]  In this case it is good to know the exact MCU to understand work with peripherals and other peculiarities.
[13:17.090 --> 13:22.190]  One other important thing is flash contents you are going to dump is compressed.
[13:22.190 --> 13:25.490]  You should solve unpacking task by yourself.
[13:25.690 --> 13:33.610]  Booster probably is one of Atmel Cortex-M3 MCU series but in unusual package.
[13:33.610 --> 13:39.630]  I can't do anything in this case without laboratory and tools for decaping.
[13:39.630 --> 13:43.490]  Application processor looks like general purpose microcontroller.
[13:43.490 --> 13:46.630]  And I tried to define the exact model.
[13:47.890 --> 13:51.130]  This is another scenario to define MCU.
[13:51.130 --> 13:55.550]  At the first step I desoldered this MCU and defined the exact package.
[13:55.550 --> 14:00.490]  At the next step I made list of all microcontroller candidates for this package.
[14:00.870 --> 14:09.510]  Then I defined power supply pins by PCB using multimeter and filtered all unfit candidates by pinout.
[14:09.670 --> 14:15.310]  The next thing you can see in testpad close to the microcontroller.
[14:15.490 --> 14:20.910]  It may be interface used during production for factory flashing and setting up.
[14:20.910 --> 14:25.390]  This hypothesis is confirmed by pull-up resistor block.
[14:25.770 --> 14:28.310]  The next list I made was pinout candidates.
[14:28.310 --> 14:33.290]  At the moment I had list of microcontrollers only by microchip.
[14:33.290 --> 14:35.930]  This list is on the slide.
[14:36.710 --> 14:46.550]  And as a result I defined G-tag pinout and I think the exact model is AT91SAM9G20.
[14:46.550 --> 14:52.770]  We tried to apply memory and register maps to our banners and it's fit.
[14:52.810 --> 14:56.910]  But sadly the G-tag is turned off.
[14:56.910 --> 15:01.670]  The next case of pinpads is Chinese PAX point-of-sale terminals.
[15:01.670 --> 15:05.590]  They are very similar to Verifone by their internals.
[15:05.590 --> 15:08.820]  But it is completely different software inside.
[15:09.430 --> 15:14.830]  When you disassemble one of them you will find the same microcontroller.
[15:14.830 --> 15:24.990]  When you disassemble one of them you will find the same microcontroller and almost the same non-flash memory as used in all modern Verifones.
[15:25.750 --> 15:34.170]  Non-flash contents exposes to you encrypted and uncompressed binaries of proprietary operating system and application.
[15:34.170 --> 15:37.830]  Exactly the file system structure is proprietary.
[15:38.790 --> 15:45.130]  Now you can buy a couple of them from eBay for example and start your own payment hardware research.
[15:46.390 --> 15:49.970]  And a few words about tampering reset.
[15:49.970 --> 15:54.910]  Definitely all terminals have different ways to clear tampering flags.
[15:54.910 --> 15:59.170]  Some of them, like PAX, uses simple hard-coded passwords.
[15:59.170 --> 16:04.570]  Verifone models needed to upload dummy encryption keys to clear tamper flags.
[16:04.570 --> 16:10.650]  And in Jenica, as far as I know, storage security flags and keys in separate hardware controller.
[16:10.770 --> 16:14.710]  And it can be reset using an external hardware.
[16:15.430 --> 16:22.330]  Also some forum topics contain the information about maintenance, tampering, clearing, etc, etc.
[16:22.870 --> 16:29.610]  Here you may see tips from closed Russian forum about hard-coded passwords and special software.
[16:29.610 --> 16:36.750]  The true way to understand all things related to tampering is reverse engineering.
[16:37.270 --> 16:41.090]  What can you do if you can clear tampering flags?
[16:41.290 --> 16:48.370]  For example, when you cleared these flags, you are able to upload the application again and play with the configuration.
[16:49.310 --> 16:53.490]  You may try to write and upload your own firmwares.
[16:53.490 --> 17:02.450]  Tamper clearing may help you to restore after your experiments or use it opened in order to research internal interfaces using logical analyzer.
[17:02.790 --> 17:07.650]  Some of the pinpads are able to turn on some debug capabilities.
[17:08.030 --> 17:12.750]  And in this case, you can run any applications under the debugger.
[17:13.190 --> 17:19.730]  Now when we know some information about the hardware and connections, we should cover another blind spot.
[17:19.730 --> 17:21.730]  Payment card interfaces.
[17:21.730 --> 17:27.350]  EMV is a payment method based upon a technical standard for smart payment cards.
[17:27.350 --> 17:35.210]  EMV originally stood for EuroPay, MasterCard and Visa, the three companies which created the standard.
[17:35.270 --> 17:41.630]  In most cases, the hardware allows you to intercept and modify payment card data isn't cheap.
[17:41.630 --> 17:46.670]  In this case, we used a device called Smart Card Detective with custom firmware.
[17:46.670 --> 17:55.010]  Now it's not supported by original developer, but you can find the PCB and sources to assemble one for you.
[17:55.010 --> 17:58.570]  Here's a link with some information related to this device.
[17:59.350 --> 18:06.450]  In order to understand the EMV packets, you should read a bit about tagline value format.
[18:06.450 --> 18:14.830]  Then you should go to the official site of EMV and you will be surprised by amount of information what you should read.
[18:14.830 --> 18:19.990]  Now you see some information available for download and related to EMV.
[18:20.150 --> 18:30.250]  Every of these documents is very thick because it defines all things started from physical layer and deep description for every tag of EMV.
[18:30.770 --> 18:35.130]  I recommend you to read them briefly at least.
[18:38.300 --> 18:42.480]  Another interesting thing is NFC interface.
[18:42.480 --> 18:47.900]  Frame format is close to the EMV, but the physical layer is near field communication.
[18:48.100 --> 18:52.900]  There are some approaches to start to work with NFC depends on your skills.
[18:53.220 --> 18:55.730]  The most simple of them is Proxmark.
[18:56.060 --> 19:05.440]  Another way is assemble your own sniffer or repeater based on some available stuff like PN532 or TRF-based board.
[19:05.440 --> 19:11.540]  Also you can use Android device with NFC or something else that fits to your skills.
[19:11.540 --> 19:17.400]  Our assembly was PN532 based boards with Raspberry Pi Zero.
[19:17.400 --> 19:19.900]  It was cheap and dirty trick as you see.
[19:19.900 --> 19:24.580]  But the components for it available literally everywhere.
[19:25.200 --> 19:27.880]  And another batch of documentation.
[19:27.880 --> 19:30.580]  Now it is related to the NFC.
[19:30.880 --> 19:34.540]  There are many descriptions of contactless payment transactions.
[19:34.540 --> 19:38.000]  I also recommend read it briefly at least.
[19:38.000 --> 19:39.580]  Why is it important?
[19:39.580 --> 19:43.620]  Every card payment interaction has its own handler.
[19:44.220 --> 19:49.020]  And you are able to fuzz every check and you will be surprised.
[19:49.540 --> 19:55.620]  And now it is time to discuss the software and firmware part of point-of-sale terminals.
[19:58.230 --> 20:02.690]  During our research we faced two different operating systems.
[20:02.690 --> 20:11.390]  Part of them was completely proprietary like Verifone Verix, Sage Antelium used by Ingenico and PaxOS.
[20:11.950 --> 20:17.310]  They all have legacy codebase, proprietary binary format, etc.
[20:18.440 --> 20:22.130]  Another part was Linux-based devices.
[20:22.990 --> 20:27.370]  Android devices in this case are out of our scope.
[20:28.410 --> 20:32.430]  The first thing we have to understand is device boot order.
[20:32.430 --> 20:42.490]  It also has a lot of legacy because almost all of these operating systems developed before traditional secure boot approach became a mainstream.
[20:42.890 --> 20:46.750]  After reset zero-stage boot loader should be started.
[20:46.750 --> 20:52.570]  Usually it is located inside microcontroller in form of mass-corridor memory.
[20:52.570 --> 21:06.530]  It loads the next-step boot loader from flash memory and checks its cryptographic signature using the keys stored in OTP, read-only memory or any secure memory.
[21:06.530 --> 21:14.370]  Every next-step boot loader also should check the cryptographic signature of every loaded piece of code, etc.
[21:15.350 --> 21:20.310]  Every vendor reinvented their own boot order in this case.
[21:20.310 --> 21:23.010]  Sometimes the boot chain is very long.
[21:23.410 --> 21:28.930]  Finally, when operating system loads an application, it also should check its signature.
[21:29.470 --> 21:34.050]  This slide shows you the boot log from the Linux-based Verifone.
[21:34.470 --> 21:38.930]  Before the kernel started, we can see boot loader output.
[21:38.930 --> 21:41.830]  In this case, it is very talkative.
[21:41.830 --> 21:43.570]  It called SBI.
[21:43.710 --> 21:46.010]  Now we know its version.
[21:46.010 --> 21:50.250]  Also, it can load some files from USB stick.
[21:50.250 --> 21:52.590]  And it loaded uboot.
[21:52.590 --> 21:57.170]  And finally, kernel output disclosed the CPU model.
[21:57.590 --> 22:02.770]  Now you see the Verix operating system-based Verifone output.
[22:02.770 --> 22:05.810]  Surprisingly, it started the same boot loader.
[22:05.810 --> 22:13.030]  Again, it can work with USB sticks, but in this case it loads the proprietary operating system kernel.
[22:13.030 --> 22:17.320]  Please look at the operating system kernel output.
[22:17.590 --> 22:24.890]  Here you can see the Broadcom CPU model that was previously rebranded to internal Verifone name.
[22:25.050 --> 22:30.350]  In both cases, this boot loader located at the start of NAND flash.
[22:32.170 --> 22:38.090]  When we dumped the SBI boot loader, we are able to disassemble and research it.
[22:38.090 --> 22:45.470]  Surprisingly, it has a lot of features for factory resetting, maintenance and building command-line interface.
[22:45.470 --> 22:55.410]  But to run this command-line interface, you should exploit the vulnerability related to arbitrary memory write that we found during our research.
[22:57.950 --> 23:02.730]  Another good example is Ingenio Cartelium 2 based pinpads.
[23:02.730 --> 23:18.210]  Its maintenance mode contains a lot of features like boot tracing, firmware upload, operating systems and application updates, application tracing, application debug and also undisclosed command-line interface.
[23:19.920 --> 23:24.120]  Well, how to get into these maintenance modes?
[23:24.120 --> 23:27.760]  The answer we found in official documentation.
[23:27.760 --> 23:37.220]  As you see, to enter this mode, you have to press F2 and F4 during the boot of pinpad and enter the password.
[23:37.220 --> 23:44.640]  The default password in this case discussed many, many times, but no one changes it. Surprisingly.
[23:45.920 --> 23:51.080]  You may think that another terminals have more secure ways to enter this mode.
[23:53.770 --> 23:57.950]  This is Linux based Verifone model from MX series.
[23:58.610 --> 24:04.630]  And surprisingly, it has the same password with different hotkeys to enter the maintenance mode.
[24:04.630 --> 24:07.350]  It called the system mode in this case.
[24:07.470 --> 24:12.930]  At the first time when you enter to this mode, it asks you to change the password.
[24:13.010 --> 24:16.090]  And please look at that official screenshot.
[24:16.450 --> 24:22.390]  We all see that many people changes password to the same except one last digit.
[24:24.690 --> 24:31.570]  Completely different approach we found in IngeniCode telecom operating system based terminals.
[24:31.570 --> 24:37.830]  They uses a special software called LLT, as shown on the pinpad display.
[24:38.190 --> 24:40.710]  What can go wrong in this case?
[24:40.710 --> 24:47.210]  The application establishes the PPP connection over virtual USB serial.
[24:47.210 --> 24:54.470]  When it sends some bytes to pinpad, and pinpad launches the internal FTP server.
[24:54.470 --> 24:59.490]  This FTP server used for updates and configuration.
[24:59.490 --> 25:05.110]  The directory structure is shown in the LLT software interface.
[25:05.210 --> 25:07.050]  And the fun facts.
[25:07.050 --> 25:11.230]  The PPP connection uses constant hard-coded credentials.
[25:11.230 --> 25:18.410]  Custom protocol is clear text and has always the same bytes to open the FTP server.
[25:18.410 --> 25:26.290]  The FTP server also uses constant hard-coded credentials like FTP user or FTP password.
[25:26.350 --> 25:30.370]  You may do these findings without any reverse engineering.
[25:30.370 --> 25:39.730]  Just launch any USB sniffer on this USB bus and you surprisingly see that there is no encryption.
[25:42.540 --> 25:48.520]  And finally, you should pay attention to alternative work modes.
[25:48.520 --> 25:54.460]  In the case of Ingenico it called mockup mode and used for some software demonstration.
[25:54.480 --> 25:57.790]  Some security features are turned off in this mode.
[25:58.180 --> 26:04.640]  For other terminals like PUX you may find special firmwares that don't register tampering
[26:04.640 --> 26:10.600]  and allows you to run any applications without any cryptographic checks.
[26:10.600 --> 26:13.940]  The only one thing you will see in this case.
[26:13.940 --> 26:17.640]  This notification when device turns on.
[26:20.620 --> 26:25.480]  And now it's time to summarize all of our results in this research.
[26:25.480 --> 26:31.600]  Let's start from this well-known Linux-based verifon of MX series.
[26:32.240 --> 26:39.980]  In this case we don't discuss any old verifon MX models because they are deprecated by payment system.
[26:39.980 --> 26:43.780]  Because they were very buggy.
[26:43.780 --> 26:50.290]  At the first look the security measures are enough to make device unhackable.
[26:50.820 --> 26:56.490]  It has all traditional tampering detectors and additionally maintenance password,
[26:56.540 --> 27:02.320]  no declared access to command-line interface, signed updates.
[27:02.320 --> 27:08.410]  And on the Linux level it has well-configured role-based access control.
[27:08.410 --> 27:16.770]  But the reality multiplies these security measures by zero, because no one changes the default password.
[27:16.970 --> 27:23.210]  There is special mode when stdout and stdr logged via serial port exists.
[27:23.410 --> 27:33.570]  Also you may find interesting a lot of shell command injection directly from the user interface and very simple role-based access control bypass.
[27:33.570 --> 27:39.710]  The link to this research when the researcher started the Doom game is below.
[27:39.710 --> 27:45.230]  And again, we found the way to install and run unsigned packages.
[27:45.930 --> 27:51.030]  The next interesting case is Verix operating system-based terminals.
[27:51.150 --> 27:54.410]  I'm sure all of you saw this kind of devices.
[27:54.410 --> 28:03.910]  Please don't be confused by a wide range of modules like countertop, portable devices, devices with Bluetooth or with GSM modules.
[28:03.910 --> 28:11.390]  Every vulnerability you found in one device will work on every other Verix operating system-based device,
[28:11.390 --> 28:15.150]  because they all have the same code base.
[28:16.030 --> 28:26.570]  As the previous devices, Verix-based pinpads have the same measures like maintenance password, command-line interface doesn't exist,
[28:26.570 --> 28:33.770]  updates are signed and encrypted, and they should have well-tested and strong code base.
[28:34.350 --> 28:38.380]  But again, no one changes the maintenance password.
[28:38.690 --> 28:44.350]  During our research we found pre-installed binaries from standard OS package.
[28:44.350 --> 28:52.390]  One of them called VSH like Verix shell and can be run directly from maintenance mode.
[28:52.390 --> 28:55.490]  The result you may see on the screenshot.
[28:55.990 --> 29:02.410]  We found weak cryptography schemes which allows you to run any unsigned code.
[29:02.410 --> 29:09.570]  And finally, decryption keys for updates decryption could be extracted from the device memory.
[29:09.570 --> 29:16.910]  One of the most interesting sort of devices is Teleum operating system-based devices by Ingenico.
[29:17.370 --> 29:24.810]  I also showed that at least one of these devices from the picture is known for you in real life.
[29:25.170 --> 29:31.350]  And again, there is very wide range of devices with the same code base.
[29:31.370 --> 29:33.830]  Let's look at their security.
[29:34.490 --> 29:39.130]  The vendor approach looks like in previous cases, but with some peculiarities.
[29:39.130 --> 29:47.970]  For example, they use specialized software for maintenance and separate cryptoprocessor for cryptographic operations.
[29:48.050 --> 29:57.850]  And other things like tamper detectors, encryption, etc. etc. are standard for any point-of-sale terminals, as we already know.
[29:59.190 --> 30:03.390]  And what we realized during our Ingenico research.
[30:03.550 --> 30:07.270]  Private maintenance software is accessible from the Internet.
[30:07.270 --> 30:11.410]  A lot of protocols are accessible from the LLT mode.
[30:11.410 --> 30:13.390]  Some of them are vulnerable.
[30:13.390 --> 30:19.370]  Another one allows you to run device with some debug capabilities.
[30:20.050 --> 30:26.190]  Update signature doesn't matter if you have remote code execution on the device or debug.
[30:26.550 --> 30:30.510]  Finally, there is a lot of buggy legacy code.
[30:32.680 --> 30:36.870]  The last one kind of pinpads is PAX devices.
[30:36.870 --> 30:44.210]  They are less known for you, but the vendor approaches are less complex than any of previous cases.
[30:46.430 --> 30:51.170]  This is why I'd recommend to start your research from these models.
[30:51.170 --> 30:56.630]  Surprisingly, the maintenance software is accessible from the Internet again.
[30:56.630 --> 31:06.550]  Also, you can find operating system builds with turned-off security features for testing your own applications and to play with operating system kernel.
[31:07.070 --> 31:12.630]  And probably, you may do a lot of findings related to the legacy code base.
[31:17.400 --> 31:21.040]  Why you shouldn't afraid to start paying hardware research?
[31:21.040 --> 31:26.040]  Basically, you don't need to have any banking account to interact with hardware.
[31:26.040 --> 31:34.220]  The only thing you need at start is buy a couple of such pinpads and be ready that some of them goes to the trash bin.
[31:34.220 --> 31:38.480]  The approximate list of our findings is on the slide.
[31:38.480 --> 31:41.300]  There are a lot of untested critical code.
[31:41.620 --> 31:50.540]  We found some buffer overflows and logical flaws in kernel, as well as network state and others.
[31:50.720 --> 31:54.900]  Almost all vulnerabilities are exploitable easily.
[31:54.900 --> 31:59.660]  In secure maintenance and special modes we develop passwords.
[32:00.980 --> 32:10.360]  Also, you may find altered and debug signed operating system builds, as well as maintenance software and software development kits.
[32:12.080 --> 32:16.440]  And what is the impact of such findings, flaws and vulnerabilities?
[32:16.600 --> 32:22.240]  First of all, you have to understand that this hardware works with your payment card data.
[32:22.240 --> 32:25.940]  It means that hardware works with your money directly.
[32:25.960 --> 32:29.530]  The very short list of different attacks is on the slide.
[32:30.280 --> 32:33.540]  I have to say a few words about fake POS.
[32:33.540 --> 32:40.360]  If you were or live in Europe, you saw a lot of terminals in almost every touristic shops.
[32:41.080 --> 32:47.940]  The only one reason why it happens is in different rules for different terminals with different payment systems.
[32:47.940 --> 32:57.300]  When you card swiped or inserted in fake, not licensed and evil pinpad, your money became not yours.
[32:57.480 --> 33:04.260]  It happens because someone bought the POS terminal with not banking application, but evil.
[33:04.260 --> 33:11.820]  You may see on this slide advertisement about selling such firmware on some Russian underground forum.
[33:11.820 --> 33:18.600]  Any other attacks are mostly understandable and you may read more about them in open sources.
[33:18.600 --> 33:24.940]  This is another short list, but in this case it contains vulnerabilities we found by our team.
[33:25.000 --> 33:33.920]  As you may see, there exist such things like hardcoded credentials, insecure clear text and vulnerable protocols.
[33:33.920 --> 33:37.580]  A lot of arbitrary code executions, etc, etc.
[33:37.580 --> 33:45.160]  And one of my favorite is the last one, operating system independent code execution in Verifone Bootloader.
[33:45.160 --> 33:53.440]  Soon we are going to disclose technical details for every CVE from this list, but it would be a bit later.
[33:55.680 --> 34:00.360]  Finally, I want to thank these cool guys for their work and help.
[34:00.360 --> 34:03.960]  It was great to work together on this research.
[34:03.960 --> 34:14.200]  The team members are Timur Inusov, Dmitry Sklyarov, Igor Zaitsev, Vladimir Karanovich, Artem Ivachev and Maxim Kozhevnikov.
[34:14.580 --> 34:21.700]  And that's all for today. If you have any questions, suggestions or topics to discuss, feel free to contact me.
[34:21.700 --> 34:24.280]  Thank you for attention and stay healthy!
